• Skip to primary navigation
  • Skip to main content
CVE Vulnerability

CVE Vulnerability

  • CVE’s
  • Products
  • Vendors
Home » CVE’s

CVE’s


CVE
Vendors
Products
Updated
CVSS v2
CVSS v3
CVE-2022-1335
2022-06-17
N/A
4.8 MEDIUM
The Slideshow CK WordPress plugin before 1.4.10 does not sanitize and escape Slide's descriptions, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed
CVE-2022-1334
2022-05-24
N/A
4.8 MEDIUM
The WP YouTube Live WordPress plugin before 1.8.3 does not validate, sanitise and escape various of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE-2022-1333
2022-04-21
N/A
6.5 MEDIUM
Mattermost Playbooks plugin v1.24.0 and earlier fails to properly check the limit on the number of webhooks, which allows authenticated and authorized users to create a specifically drafted Playbook which could trigger a large amount of webhook requests leading to Denial of Service.
CVE-2022-1332
2022-04-20
N/A
4.3 MEDIUM
One of the API in Mattermost version 6.4.1 and earlier fails to properly protect the permissions, which allows the authenticated members with restricted custom admin role to bypass the restrictions and view the server logs and server config.json file contents.
CVE-2022-1331
Deltaww, Dmars
Asda_soft, Cncsoft, Cncsoft-b, Cncsoft_screeneditor, Cnssoft_screeneditor, Commgr, Dcisoft, Delta_industrial_automation_dopsoft, Delta_industrial_automation_pmsoft, Delta_industrial_automation_screen_editor
2022-05-10
N/A
5.5 MEDIUM
In four instances DMARS (All versions prior to v2.1.10.24) does not properly restrict references of XML external entities while processing specific project files, which may allow unauthorized information disclosure.
CVE-2022-1330
2022-04-20
N/A
5.4 MEDIUM
stored xss due to unsantized anchor url in GitHub repository alvarotrigo/fullpage.js prior to 4.0.4. stored xss .
CVE-2022-1329
2022-11-08
N/A
8.8 HIGH
The Elementor Website Builder plugin for WordPress is vulnerable to unauthorized execution of several AJAX actions due to a missing capability check in the ~/core/app/modules/onboarding/module.php file that make it possible for attackers to modify site data in addition to uploading malicious files that can be used to obtain remote code execution, in versions 3.6.0 to 3.6.2.
CVE-2022-1328
2022-10-14
N/A
5.3 MEDIUM
Buffer Overflow in uudecoder in Mutt affecting all versions starting from 0.94.13 before 2.2.3 allows read past end of input line
CVE-2022-1327
2022-10-26
N/A
4.8 MEDIUM
The Image Gallery WordPress plugin before 1.1.6 does not sanitize and escape some of its Image fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
CVE-2022-1326
2022-07-07
N/A
4.8 MEDIUM
The Form - Contact Form WordPress plugin through 1.2.0 does not sanitize and escape Custom text fields, which could allow high-privileged users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
« Previous 1 … 10,967 10,968 10,969 10,970 10,971 … 11,258 Next »

Copyright CVE Vulnerabilities 2023
Data Sources:

  • NIST
  • MITRE
  • CVE Search
  • Open CVE